EIP-2026-106661

PRE-CVE

e107 < 0.7.11 - Arbitrary Variable Overwriting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106661. PoCs published by GulfTech Security.

AI-analyzed exploit summary This advisory details an arbitrary variable overwriting vulnerability in e107's download.php, caused by unsafe use of the extract() function. It explains how this leads to SQL injection and arbitrary PHP code execution, with technical details on exploitation methods and a patch reference.

Description

e107 < 0.7.11 - Arbitrary Variable Overwriting

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6219

View Code ZIP pw:eip

This advisory details an arbitrary variable overwriting vulnerability in e107's download.php, caused by unsafe use of the extract() function. It explains how this leads to SQL injection and arbitrary PHP code execution, with technical details on exploitation methods and a patch reference.

Classification

Writeup 100%

Attack Type

Sqli | Rce

Complexity

Trivial

Reliability

Reliable

Target: e107 <= 0.7.11

No auth needed

Prerequisites: Access to download.php with a valid category

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026